Re: Want to Protect my Software - Recommendations?

I want to protect my software such that upon invocation of installer,
it sends to my web site some hash of the customer's PC hardware
configuration, then in my web server a script will generate a matching
"unlock" key that will let the installer proceed and send it back to
the user (via HTTP).

If you don't want your software pirated then don't sell it. Better
yet, don't write it. Something is seriously broken if your software
requires re-authorization (or worse, payment again) just because
the user upgraded his CPU, hard disk, network card, or quantity of
RAM. And if you don't advertise this defect *on the outside of the
box* (or in the description on the web site if you deliver online),
expect to lose in court when customers demand a refund.

I am not a cryptologist but my initial thoughts about implementing the
above were that I am basically looking for a function (C/C++) that
knows how to do asymmetric encryption/decryption.

Your biggest problem is trying to avoid a place in the code where
"does the unlock code match the hardware" is decided, and have
someone patch that into an unconditional branch. It's very difficult
to make an encryption setup work when you have to run on the enemy's
computer, and your program has to have information that you must
not let the enemy have. The closest analogy I can think of is cable
and satellite boxes, which try to protect the keys with tamper-proof
hardware but still get cracked often.

(it seems like a symmetric encrypt/decrypt function would do, too, if
I send the hardware configuration representation clear text, then
generate an encrypted version of it that would serve as the unlocking
key, but then once the encryption function is known, all such keys are
broken...)

Since I am still operating on a shoe string budget, I am looking for
such a function (or library) that I can include in my code, without
having to be bound by the GPL license (having to publish my entire
software's source code just because I used GPG).

Can you recommend a public-domain (or LGPL) library/function that can
help me implement the above?

Distribute a live lawyer in the box with your software. The license
will have to deal with who feeds the lawyer.

.

Relevant Pages

  • Re: Securing a Folder
    ... Please explain where he can get *hardware based* whole drive encryption free. ... IronKey 1GB secure USB Flash drive | Register Hardware ... DTVaultLock security software for Windows to access encrypted ...
    (alt.privacy)
  • [HV-INFO] Enova hardware encryption: false sense of security
    ... Enova Technology is a manufacturer of the X-Wall ASIC that provides ... transparent IDE/ATA hard disk encryption. ... A critical design flaw makes possible to duplicate hardware tokens and/or ...
    (Bugtraq)
  • Re: modulo
    ... cryptography key of some length, and if you use the key to encrypt ... the only way a 512-bit encryption algorithm ... dedicated hardware to attack it will never succeed. ...
    (comp.programming)
  • Re: Windows XP corrupting HD - what is the solution?
    ... what am I to do to fix it? ... >hardware for this shabbily written version of Windows? ... Hardware drivers are the responsibility of the hardware manufacturers, ... hard drive manufacturer's web site and run it to check out your drive. ...
    (microsoft.public.windowsxp.hardware)
  • Re: Decryption Performance
    ... You also might be interested in accelerator hardware. ... Assymmetric encryption involves specialized computation, ... significant performance gains when offloading crypto math processing to ... We have found that the only way to secure a SQL Server DB in this ...
    (microsoft.public.dotnet.security)